transparent proxying, squid, nat, ipfw

Gil Agno Virtucio gihl at nesic.com.ph
Mon Oct 6 02:29:28 PDT 2003


So far this was the simplest squid configuration that I've seen...

http://ezine.daemonnews.org/200209/squid.html


Hope this helps...

-----------------------------------------------------
Gil Agno Virtucio
Janitor/Collector/Messenger
NEC System Integration and Construction Philippines Inc. 
15th Floor BPI Buendia Center
Gil Puyat Ave. Makati City 1200
Cellphone : +639163989695
Office Phone: +6328914167
-----------------------------------------------------


-----Original Message-----
From: synrat [mailto:synrat at wirewalk.org]
Sent: Monday, October 06, 2003 11:40 AM
To: freebsd-questions at freebsd.org
Subject: transparent proxying, squid, nat, ipfw


I'm having a hard time getting this working together.
I have squid 2.5 stable working and with all the required
settings for transparent proxying. The machine has the kernel with IPFW
and forwarding options. NAT is on, firewall type is simple with some
modifications. Internal interface address is 192.168.1.1. Squid runs
fine when the browser is set up to access it, but the goal is not to
have to do that.

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy  on
httpd_accel_uses_host_header on

I have the forwarding rule as well

fwd 127.0.0.1,3128 tcp from any to any 80

I tried 192.168.1.1,3128 in the rule. Tried putting it before both
divert rules. Here's my ipfw list output:



00050 divert 8668 ip from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in recv rl0
00500 deny ip from 66.92.100.0/24 to any in recv rl1
00600 deny ip from any to 10.0.0.0/8 via rl0
00700 deny ip from any to 172.16.0.0/12 via rl0
00800 deny ip from any to 192.168.0.0/16 via rl0
00900 deny ip from any to 0.0.0.0/8 via rl0
01000 deny ip from any to 169.254.0.0/16 via rl0
01100 deny ip from any to 192.0.2.0/24 via rl0
01200 deny ip from any to 224.0.0.0/4 via rl0
01300 deny ip from any to 240.0.0.0/4 via rl0
01400 divert 8668 ip from any to any via rl0
01500 deny ip from 10.0.0.0/8 to any via rl0
01600 deny ip from 172.16.0.0/12 to any via rl0
01700 deny ip from 192.168.0.0/16 to any via rl0
01800 deny ip from 0.0.0.0/8 to any via rl0
01900 deny ip from 169.254.0.0/16 to any via rl0
02000 deny ip from 192.0.2.0/24 to any via rl0
02100 deny ip from 224.0.0.0/4 to any via rl0
02200 deny ip from 240.0.0.0/4 to any via rl0
02300 allow tcp from any to any established
02400 allow ip from any to any frag
02500 allow tcp from any to 66.92.100.221 25 setup
02600 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
02700 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
02800 allow udp from 192.168.1.0/24 to 192.168.1.0/24
02900 allow udp from 192.168.1.0/24 to 192.168.1.0/24
03000 allow tcp from any to 66.92.100.221 80 setup
03100 allow tcp from any to 66.92.100.221 8080 setup
03200 allow tcp from any to 66.92.100.221 8021 setup
03300 allow tcp from any to 66.92.100.221 21 setup
03400 allow tcp from any to 66.92.100.221 22 setup
03500 allow tcp from any to 66.92.100.221 110 setup
03600 allow tcp from any to 66.92.100.221 143 setup
03700 allow tcp from any to 66.92.100.221 993 setup
03800 allow tcp from any to 66.92.100.221 995 setup
03900 allow icmp from any to any
04000 deny log tcp from any to any in recv rl0 setup
04100 allow tcp from any to any setup
04200 fwd 127.0.0.1,3128 tcp from any to any 80
04300 allow udp from 66.92.100.221 to any keep-state
04400 allow udp from 192.168.1.3 to any keep-state
65535 deny ip from any to any

_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
"freebsd-questions-unsubscribe at freebsd.org"
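
ipfw evaluates rules in ascending number order and stops at the first matching allow, deny or fwd, so the position of the fwd rule in the listing above decides whether a port-80 packet is ever tested against it. The following is an added example, not part of the original messages: it runs two constructed packets through a simplified model of a subset of the posted rules. It assumes rl1 is the internal interface (inferred from rules 00400 and 00500), models only the inbound pass, and uses a documentation address as the web server.

```python
import ipaddress
import re

# Subset of the ipfw listing posted above, rule text unchanged. The omitted
# rules cannot match the constructed packets used here.
POSTED = """\
00050 divert 8668 ip from any to any via rl0
00400 deny ip from 192.168.1.0/24 to any in recv rl0
02300 allow tcp from any to any established
02600 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
03000 allow tcp from any to 66.92.100.221 80 setup
04000 deny log tcp from any to any in recv rl0 setup
04100 allow tcp from any to any setup
04200 fwd 127.0.0.1,3128 tcp from any to any 80
65535 deny ip from any to any
"""
RULE = re.compile(
    r"(?P<num>\d+) (?P<act>allow|deny|divert \d+|fwd \S+)(?: log)? (?P<proto>\w+)"
    r" from (?P<src>\S+) to (?P<dst>\S+)(?: (?P<port>\d+))?(?P<opts>.*)")

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(m, pkt):
    opts = m["opts"].split()
    iface = re.search(r"(?:via|recv) (\S+)", m["opts"])
    return (m["proto"] in ("ip", pkt["proto"])
            and addr_ok(m["src"], pkt["src"]) and addr_ok(m["dst"], pkt["dst"])
            and (m["port"] is None or int(m["port"]) == pkt["dport"])
            and (iface is None or iface[1] == pkt["iface"])
            and ("setup" not in opts or pkt["syn"])             # SYN only
            and ("established" not in opts or not pkt["syn"]))  # simplified: non-SYN

def first_match(listing, pkt):
    """Return (number, action) of the first matching rule that ends the search."""
    rules = sorted(map(RULE.match, listing.splitlines()), key=lambda m: int(m["num"]))
    for m in rules:
        # Simplification: divert (natd) is treated as non-terminating.
        if matches(m, pkt) and not m["act"].startswith("divert"):
            return int(m["num"]), m["act"]

# Constructed packets: a LAN client (assumed to sit behind rl1) opening a
# connection to a web server at a documentation address, then a later segment.
SYN = dict(proto="tcp", src="192.168.1.3", dst="203.0.113.10", dport=80, iface="rl1", syn=True)
ACK = dict(SYN, syn=False)

if __name__ == "__main__":
    for name, pkt in (("SYN", SYN), ("ACK", ACK)):
        print(name, first_match(POSTED, pkt))
```

To check another position for the fwd rule, renumber its line in the listing and re-run; the model covers rule order only, not kernel forwarding support or Squid's own configuration.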
